Secunia Research has discovered a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet lengths can be exploited to cause a kernel crash. The vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0. Other versions may also be affected.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.
Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.
Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Research has discovered two vulnerabilities in Network Instruments Observer, which can be exploited by malicious people to compromise a vulnerable system. A boundary error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing the community string can be exploited to cause a heap-based buffer overflow via a specially crafted SNMP datagram. An error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing an Object Identifier (OID) can be exploited to cause a heap-based buffer overflow via a specially crafted Trap PDU (0xA4) SNMP datagram sent to UDP port 162. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but may require the attacker to enumerate or guess the SNMP port. Observer version 15.1 Build 0007.0000 is affected.
Secunia Research has discovered a vulnerability in Network Instruments Observer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the "CSnmp::ASN1_ReadObjIDValue()" method (NISNMP.DLL) when processing an Object Identifier (OID) within a variable binding list. This can be exploited to cause a limited stack-based buffer overflow, resulting only in a crash, via e.g. a specially crafted SetRequest SNMP datagram. Observer version 15.1 Build 0007.0000 is affected.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Secunia Research has discovered a security issue in Quest Toad for Data Analysts, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Research has discovered two vulnerabilities in RealNetworks Helix Server, which can be exploited by malicious people to cause a denial of service. RealNetworks Helix Server version 14.2.0.212 is affected.
Secunia Research has discovered a security issue in RealNetworks Helix Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused by the user and administrative credentials being insecurely stored in the flat file database (\Program Files\Real\Helix Server\adm_b_db\users\). This can be exploited by local users to disclose the clear text passwords. RealNetworks Helix Server version 14.2.0.212 is affected.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Csound, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Csound, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in MinaliC, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Csound, which can be exploited by malicious people to compromise a user's system.
Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Wuzly, which can be exploited by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, script insertion attacks, SQL injection attacks, disclose sensitive information, and bypass certain security restrictions.
Secunia Research has discovered a vulnerability in Sterling Trader, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in Base.exe when processing network requests (code 176). This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to a certain TCP port. Successful exploitation allows execution of arbitrary code, but requires guessing the TCP port, which is dynamically assigned. Version 7.0.2 is affected.
Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in the WP Symposium plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.